2 * //******************************************************************
4 * // Copyright 2016 Samsung Electronics All Rights Reserved.
6 * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
8 * // Licensed under the Apache License, Version 2.0 (the "License");
9 * // you may not use this file except in compliance with the License.
10 * // You may obtain a copy of the License at
12 * // http://www.apache.org/licenses/LICENSE-2.0
14 * // Unless required by applicable law or agreed to in writing, software
15 * // distributed under the License is distributed on an "AS IS" BASIS,
16 * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * // See the License for the specific language governing permissions and
18 * // limitations under the License.
20 * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
22 package org.iotivity.cloud.accountserver.x509.crl;
24 import java.math.BigInteger;
25 import java.security.KeyFactory;
26 import java.security.KeyPair;
27 import java.security.KeyPairGenerator;
28 import java.security.PrivateKey;
29 import java.security.SecureRandom;
30 import java.security.Security;
31 import java.security.spec.ECGenParameterSpec;
32 import java.security.spec.PKCS8EncodedKeySpec;
33 import java.util.Date;
35 import org.bouncycastle.asn1.x500.X500Name;
36 import org.bouncycastle.cert.X509CRLHolder;
37 import org.bouncycastle.cert.X509v2CRLBuilder;
38 import org.bouncycastle.jce.provider.BouncyCastleProvider;
39 import org.bouncycastle.operator.ContentSigner;
40 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
42 public final class CrlIssuer {
/** JCA provider name under which BouncyCastle registers itself ({@code "BC"}); the class is already imported, so the fully qualified name is unnecessary. */
private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
/** Signature algorithm the CRL signer is built with: ECDSA over SHA-256. */
private static final String SIGNING_ALGORITHM = "SHA256withECDSA";
48 throw new AssertionError();// to get rid of security issue, connected
49 // with Java Reflection API
53 Security.insertProviderAt(new BouncyCastleProvider(), 1);
/**
 * Builds an X.509 v2 CRL for the given issuer, signs it with the issuer's EC
 * private key and hands the DER encoding to {@code CrlStore.saveCrl}.
 *
 * @param issuerName       issuer distinguished name as a comma-separated RDN
 *                         string (the demo in {@code main} passes
 *                         {@code "C=DE,O=Samsung"}); parsed into an {@link X500Name}
 * @param thisUpdate       the CRL's thisUpdate timestamp (the builder call that
 *                         consumes it is split across a line not shown in this listing)
 * @param items            revoked certificates; each item contributes one CRL entry
 *                         built from its serial number and revocation date
 * @param issuerPrivateKey PKCS#8 (DER) encoding of the issuing CA's private key
 * @return the encoded CRL bytes — the {@code return} line is not visible in this
 *         listing; confirm it returns {@code data}
 * @throws Exception any name-parsing, key-decoding, signing or storage failure.
 *                   The declared type is as broad as possible, so callers cannot
 *                   tell a malformed key from a store error without inspecting the cause.
 */
56 public static byte[] generateCrl(String issuerName, Date thisUpdate,
57 CrlInfo[] items, byte[] issuerPrivateKey) throws Exception {
59 X500Name issuerDN = new X500Name(issuerName);
// NOTE(review): no setNextUpdate(...) call is visible in this method. RFC 5280
// makes nextUpdate optional, but without it relying parties get no hint when
// to refresh and may keep serving a stale CRL — confirm, and consider setting it.
60 X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN,
63 for (CrlInfo item : items) {
// The reason code is hard-coded to 0 (CRLReason.unspecified) rather than taken
// from the item; every entry is therefore published without a revocation reason.
64 crlBuilder.addCRLEntry(item.getSerialNumber(),
65 item.getRevocationDate(), 0);
// No provider is named here (unlike the signer below), so the key is decoded by
// whichever installed provider the JVM resolves first for "ECDSA".
68 KeyFactory kf = KeyFactory.getInstance("ECDSA");
// issuerPrivateKey must be a PKCS#8 encoding; any other format fails in generatePrivate.
69 PrivateKey privateKey = kf
70 .generatePrivate(new PKCS8EncodedKeySpec(issuerPrivateKey));
72 // build and sign CRL with CA private key
// Signer is pinned to the BC provider and to SIGNING_ALGORITHM (SHA256withECDSA).
73 ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
74 .setProvider(BC).build(privateKey);
75 X509CRLHolder crl = crlBuilder.build(signer);
// `byte data[]` is C-style array syntax; Java convention is `byte[] data` (cosmetic).
77 byte data[] = crl.getEncoded();
// The CRL is persisted before (presumably) being returned; a store failure
// propagates after the CRL has already been signed.
78 CrlStore.saveCrl(data);
/**
 * Returns the most recently persisted CRL encoding from {@code CrlStore}.
 *
 * @return the stored CRL bytes exactly as {@code CrlStore.loadCrl()} returns them
 * @throws Exception whatever the store throws; nothing is caught or translated here
 */
public static byte[] getCrl() throws Exception {
    final byte[] stored = CrlStore.loadCrl();
    return stored;
}
/**
 * Manual smoke test: generates a throwaway EC key pair, issues a CRL with two
 * dummy entries through {@link #generateCrl} and prints the stored encoding as hex.
 * Several lines of this method (the {@code try} opener, the declaration of
 * {@code val}, the trailing arguments of the {@code generateCrl} call and the
 * {@code catch} body) are not shown in this listing.
 *
 * @param args ignored
 */
87 public static void main(String[] args) {
88 System.out.println("Start!");
90 /* generate dummy crl items */
91 CrlInfo[] items = new CrlInfo[2];
// `val` is declared on a line not shown here; serials are consecutive, revocation time is "now".
93 for (int i = 0; i < items.length; i++) {
94 items[i] = new CrlInfo();
95 items[i].setSerialNumber(BigInteger.valueOf(val++));
96 items[i].setRevocationDate(new Date());
// prime192v1 (= secp192r1 / NIST P-192) is a 192-bit curve, roughly 96-bit
// security — below the 112-bit floor current guidance (e.g. NIST SP 800-57)
// expects for new signatures. Tolerable only because this key is a one-run demo key.
99 ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("prime192v1");
// Key generation is explicitly routed to the BC provider and seeded from SecureRandom.
101 KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", "BC");
102 g.initialize(ecGenSpec, new SecureRandom());
103 KeyPair pair = g.generateKeyPair();
105 PrivateKey key = pair.getPrivate();
// The remaining argument (likely the PKCS#8 encoding of `key`) is on a line not shown.
106 byte[] crl = generateCrl("C=DE,O=Samsung", new Date(), items,
109 System.out.println("Success!");
// Prints the full CRL encoding; fine for a demo, noisy for anything else.
110 System.out.println("Stored CRL = " + getHex(crl));
// Catch body is not visible in this listing; `java.lang.Exception` here is just `Exception`.
111 } catch (java.lang.Exception e) {
// Appears to run on both the success and the failure path.
114 System.out.println("End!");
/** Upper-case hex alphabet indexed by nibble value in {@link #getHex(byte[])}. */
117 static final String HEXES = "0123456789ABCDEF";
/**
 * Encodes {@code raw} as upper-case hexadecimal, two characters per byte, no
 * separators (e.g. {0x0A, (byte) 0xFF} becomes {@code "0AFF"}). Three lines
 * between the signature and the {@code StringBuilder} are not shown in this
 * listing — presumably a null guard; confirm how {@code null} input is handled.
 *
 * @param raw bytes to encode
 * @return the hex string, length {@code 2 * raw.length}
 */
119 public static String getHex(byte[] raw) {
123 final StringBuilder hex = new StringBuilder(2 * raw.length);
124 for (final byte b : raw) {
// b is sign-extended to int; masking before the shift keeps the high nibble in 0..15.
125 hex.append(HEXES.charAt((b & 0xF0) >> 4))
126 .append(HEXES.charAt((b & 0x0F)));
128 return hex.toString();